Rodrigo Arias Mallo
32c919d1fc
Starting with GitLab 16, there is a new mechanism to authenticate the runners via authentication tokens, so use it instead. Older tokens and runners are also removed, as they are no longer used. With the new way of managing tokens, both the tags and the locked state are managed from the GitLab web page. See: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
# NixOS module: GitLab CI runners (one shell executor, one Docker executor)
# that authenticate with GitLab 16+ runner authentication tokens.
{ pkgs, lib, config, ... }:

let
  # Shell executor: CI jobs run directly on this host as the runner service
  # account, with no container boundary. Because that account is also in the
  # "docker" group (see users.users below), jobs can reach the Docker daemon.
  # NOTE(review): restrict this runner to trusted projects/branches in GitLab.
  shellRunnerBase = {
    executor = "shell";
    environmentVariables = {
      SHELL = "${pkgs.bash}/bin/bash";
    };
  };

  # Docker executor: jobs run in containers that share the host network
  # namespace, so anything bound to loopback on the host (the proxy below,
  # the runner's own 127.0.0.1:9252 listener) is reachable from job code.
  # NOTE(review): "debian:stable" is a mutable tag; pin by digest if
  # reproducible, tamper-evident job images are required.
  dockerRunnerBase = {
    executor = "docker";
    dockerImage = "debian:stable";
    registrationFlags = [
      "--docker-network-mode host"
    ];
    environmentVariables = {
      https_proxy = "http://localhost:23080";
      http_proxy = "http://localhost:23080";
    };
  };

  # Paths of the age-encrypted token files after decryption on the host.
  shellTokenPath = config.age.secrets.gitlabRunnerShellToken.path;
  dockerTokenPath = config.age.secrets.gitlabRunnerDockerToken.path;
in
{
  # Runner authentication tokens are kept as age-encrypted files and referenced
  # by path, so the token values are not written into this configuration.
  age.secrets = {
    gitlabRunnerShellToken.file = ../../secrets/gitlab-runner-shell-token.age;
    gitlabRunnerDockerToken.file = ../../secrets/gitlab-runner-docker-token.age;
  };

  services.gitlab-runner = {
    enable = true;
    settings = {
      concurrent = 5;
    };
    services = {
      # For pm.bsc.es/gitlab
      gitlab-pm-shell = shellRunnerBase // {
        authenticationTokenConfigFile = shellTokenPath;
      };
      gitlab-pm-docker = dockerRunnerBase // {
        authenticationTokenConfigFile = dockerTokenPath;
      };
    };
  };

  systemd.services.gitlab-runner.serviceConfig = {
    #Shell = "${pkgs.bash}/bin/bash";

    # Run as the fixed "gitlab-runner" account declared below instead of a
    # systemd dynamic user; mkForce overrides whatever the module sets.
    DynamicUser = lib.mkForce false;
    User = "gitlab-runner";
    Group = "gitlab-runner";

    # ''${HOME} is escaped so Nix leaves it literal for expansion at service
    # start. The listener is bound to loopback only.
    # NOTE(review): config.toml under $HOME presumably holds the runner tokens
    # in clear text - confirm it is readable only by gitlab-runner.
    ExecStart = lib.mkForce
      ''${pkgs.gitlab-runner}/bin/gitlab-runner run --config ''${HOME}/.gitlab-runner/config.toml --listen-address "127.0.0.1:9252" --working-directory ''${HOME}'';
  };

  users = {
    users.gitlab-runner = {
      uid = config.ids.uids.gitlab-runner;
      #isNormalUser = true;
      home = "/var/lib/gitlab-runner";
      description = "Gitlab Runner";
      group = "gitlab-runner";
      # Membership in "docker" grants control of the Docker daemon, which is
      # effectively root on the host; every shell-executor job inherits it.
      extraGroups = [ "docker" ];
      createHome = true;
    };
    groups.gitlab-runner.gid = config.ids.gids.gitlab-runner;
  };
}